Amendments to the Claims



1. (Currently Amended) A method comprising:

creating an enterprise policy object providing an enterprise-wide policy governing 
at least one of resource access and protocol use for a plurality of nodes within a 
networking environment organized within a plurality of arrays; 

creating at least one array policy object, each array policy object
providing an array-wide policy governing resource access for one or more of the plurality 
of nodes organized within a corresponding array; and, 

for each of one or more of the at least one array policy object, inheriting an 
instance of the enterprise-wide policy as the array-wide policy such that the array-wide
policy of each array policy object is at least initially set to the enterprise-wide policy. 

2. (Original) The method of claim 1 , wherein the enterprise-wide policy 
includes a plurality of enterprise rules, each enterprise rule governing at least one of 
access to a particular resource and use of a particular protocol, each enterprise rule having 
a rule type selected from a positive rule type and a negative rule type, the positive rule 
type explicitly allowing at least one of access and use and the negative rule type explicitly 
denying at least one of access and use. 

3. (Original) The method of claim 2, wherein each array-wide policy 
includes a plurality of array rules at least initially equal to the plurality of enterprise rules 
upon the enterprise-wide policy inherited as each array-wide policy. 

4. (Original) The method of claim 3, further comprising, for a requested 
access via a requested protocol by a node organized within one of the plurality of arrays, 

applying the array-wide policy of the policy object corresponding to the one of the 
plurality of arrays to determine whether to allow the requested access via the requested 
protocol, such that the requested access via the requested protocol is allowed only where 
the requested access via the requested protocol is explicitly allowed by the plurality of 
rules and not explicitly denied by the plurality of rules;

allowing the requested access via the requested protocol in response to
determining that the requested access via the requested protocol is allowed; and, 

denying the requested access via the requested protocol in response to determining 
that the requested access via the requested protocol is not allowed. 

5. (Original) The method of claim 1, further comprising, for each of one 
or more of the at least one array policy object, adjusting the array-wide policy after the 
array-wide policy has inherited the enterprise-wide policy. 

6. (Original) The method of claim 5, wherein 

the enterprise-wide policy includes a plurality of enterprise rules, each enterprise 
rule governing at least one of access to a particular resource and use of a particular 
protocol, each enterprise rule having a rule type selected from a positive rule type and a 
negative rule type, the positive rule type explicitly allowing at least one of access and use 
and the negative rule type explicitly denying at least one of access and use; and, 

each array-wide policy includes a plurality of array rules, the plurality of array 
rules at least initially equal to the plurality of enterprise rules upon the enterprise-wide 
policy inherited as each array-wide policy. 

7. (Original) The method of claim 6, wherein adjusting the array-wide 
policy comprises adding one or more new array rules to the plurality of array rules, each 
of the new array rules having a negative rule type explicitly denying one of access to a 
particular resource and use of a particular protocol. 

8. (Original) The method of claim 7, further comprising, for a requested 
access via a requested protocol by a node organized within one of the plurality of arrays, 

applying the array-wide policy of the policy object corresponding to the one of the 
plurality of arrays to determine whether to allow the requested access via the requested 
protocol, such that the requested access via the requested protocol is allowed only where 
the requested access via the requested protocol is explicitly allowed by the plurality of 
rules and not explicitly denied by the plurality of rules;

allowing the requested access via the requested protocol in response to
determining that the requested access via the requested protocol is allowed; and, 

denying the requested access via the requested protocol in response to determining 
that the requested access via the requested protocol is not allowed. 

9. (Original) A computer-readable medium having stored thereon a 
computer program executable by a processor to perform the method of claim 1.

10. (Currently Amended) A method comprising:

creating an enterprise policy object providing an enterprise-wide policy governing 
resource access for a plurality of nodes within a networking environment organized 
within a plurality of arrays; 

creating at least one array policy object, each array policy object
providing an array-wide policy governing resource access for one or more of the plurality 
of nodes organized within a corresponding array; 

for each array policy object, inheriting an instance of the enterprise-wide policy as
the array-wide policy such that the array-wide policy of each array policy object is
initially set to the enterprise-wide policy; and, 

for each of one or more of the at least one array policy object, adjusting the
array-wide policy after the array-wide policy has inherited the enterprise-wide policy.

11. (Original) The method of claim 10, wherein

the enterprise-wide policy includes a plurality of enterprise rules, each enterprise 
rule governing at least one of access to a particular resource and use of a particular 
protocol, each enterprise rule having a rule type selected from a positive rule type and a
negative rule type, the positive rule type explicitly allowing at least one of access and use
and the negative rule type explicitly denying at least one of access and use; and,

each array-wide policy includes a plurality of array rules, the plurality of array 
rules initially equal to the plurality of enterprise rules upon the enterprise-wide policy
inherited as each array-wide policy. 

12. (Original) The method of claim 11, wherein adjusting the array-wide
policy comprises adding one or more new array rules to the plurality of array rules, each 
of the new array rules having the negative rule type. 

13. (Original) The method of claim 12, further comprising, for a requested 
access via a requested protocol by a node organized within one of the plurality of arrays, 

applying the array-wide policy of the policy object corresponding to the one of the 
plurality of arrays to determine whether to allow the requested access via the requested 
protocol, such that the requested access via the requested protocol is allowed only where
the requested access via the requested protocol is explicitly allowed by the plurality of 
rules and not explicitly denied by the plurality of rules; 

allowing the requested access via the requested protocol in response to 
determining that the requested access via the requested protocol is allowed; and,

denying the requested access via the requested protocol in response to determining 
that the requested access via the requested protocol is not allowed. 

14. (Original) A computer-readable medium having stored thereon a 
computer program executable by a processor to perform the method of claim 10. 

15. (Currently Amended) A system for governing resource access
among a plurality of nodes within a networking environment, at least one or more some 
of the plurality of nodes organized within a plurality of arrays, the system comprising: 

an enterprise-policy object providing an enterprise-wide policy governing resource 
access for nodes organized within at least one of the plurality of arrays; and,

at least one array policy object, each array policy object providing an array-wide 
policy governing resource access for nodes organized within a corresponding array, one 
or more of the at least one array policy object inheriting an instance of the enterprise-wide 
policy as the array-wide policy such that the array-wide policy is at least initially set to 
the enterprise-wide policy.

16. (Original) The system of claim 15, wherein the enterprise-wide policy
includes a plurality of enterprise rules, each enterprise rule governing at least one of 
access to a particular resource and use of a particular protocol, each enterprise rule having 
a rule type selected from a positive rule type and a negative rule type, the positive rule 
type explicitly allowing at least one of access and use and the negative rule type explicitly 
denying at least one of access and use. 

17. (Original) The system of claim 16, wherein the array-wide policy
provided by each of the one or more of the at least one array policy object includes a 
plurality of array rules at least initially equal to the plurality of enterprise rules upon the 
enterprise-wide policy inherited as each array-wide policy. 

18. (Original) The system of claim 17, wherein the array-wide policy
provided by each of the one or more of the at least one array policy object further 
includes one or more other array rules, each of the one or more other array rules having 
the negative rule type. 

19. (Original) The system of claim 15, wherein the array-wide policy
provided by each of the at least one array policy object other than the one or more of the 
at least one array policy object inheriting the enterprise-wide policy does not inherit the
enterprise-wide policy. 

20. (Original) The system of claim 19, wherein

the enterprise-wide policy includes a plurality of enterprise rules, each enterprise 
rule governing at least one of access to a particular resource and use of a particular 
protocol, each enterprise rule having a rule type selected from a positive rule type and a 
negative rule type, the positive rule type explicitly allowing at least one of access and use 
and the negative rule type explicitly denying at least one of access and use; 

the array-wide policy provided by each of the one or more of the at least one array 
policy object includes a plurality of first array rules at least initially equal to the plurality 
of enterprise rules upon the enterprise-wide policy inherited as each array-wide policy;
and, 

the array-wide policy provided by each of the at least one array policy object other 
than the one or more of the at least one array policy object inheriting the enterprise-wide 
policy includes a plurality of second array rules not initially equal to the plurality of 
enterprise rules, each second array rule having a rule type selected from the positive rule 
type and the negative rule type.

21. (Original) The system of claim 20, wherein the array-wide policy 
provided by each of the one or more of the at least one array policy object further 
includes one or more other first array rules, each of the one or more other first array rules 
having the negative rule type. 

22. (Original) The system of claim 15, further comprising at least one node
policy object, each node policy object providing a node policy governing resource access 
for a corresponding node of the plurality of nodes other than the one or more of the 
plurality of nodes organized within the plurality of arrays. 

23. (Original) The system of claim 22, wherein the node policy includes a
plurality of node rules, each node rule governing at least one of access to a particular
resource and use of a particular protocol, each node rule having a rule type selected from 
a positive rule type and a negative rule type, the positive rule type explicitly allowing at 
least one of access and use and the negative rule type explicitly denying at least one of 
access and use. 

24. (New) The method of claim 3, wherein the enterprise-wide policy 
and the array-wide policy are overseen according to one of a plurality of modes
comprising:

an enterprise-only mode;
an integrated mode;
an array-only mode; and
a stand-alone mode.



25. (New) The method of claim 24 wherein, when overseen according
to the integrated mode, each array rule added to the array-wide policy beyond those
inherited from the enterprise-wide policy is of the negative rule type. 

26. (New) The method of claim 1, wherein the enterprise-wide policy is
capable of governing both resource access and protocol use. 

27. (New) The method of claim 26, wherein governing protocol use
comprises: 

allowing the use of at least one protocol; and 
denying the use of at least one protocol. 

28. (New) The method of claim 1, wherein: 

the enterprise policy object is secured with a first set of security permissions; and 
the array policy object is secured with a second set of security permissions. 

29. (New) The method of claim 28, wherein each set of policy object 
security permissions comprises: 

a read permission; 

a write permission; and 

a change permission. 

30. (New) The method of claim 29, wherein each set of policy object 
security permissions further comprises: 

a write owner permission; 

a write discretionary access control permission; and 
a change system access control list permission. 
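
The inheritance, adjustment and evaluation recited in claims 1 through 8, together with the integrated-mode restriction of claim 25, sketched as an added Python example that is not part of the filing. The class and field names, the sample rules, and the treatment of an unset resource or protocol as a wildcard are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

ALLOW, DENY = "positive", "negative"  # the two rule types named in the claims

@dataclass(frozen=True)
class Rule:
    rule_type: str                  # ALLOW or DENY
    resource: Optional[str] = None  # None: rule does not constrain the resource (assumption)
    protocol: Optional[str] = None  # None: rule does not constrain the protocol (assumption)

    def matches(self, resource, protocol):
        return (self.resource in (None, resource)
                and self.protocol in (None, protocol))

@dataclass
class ArrayPolicy:
    rules: list = field(default_factory=list)
    integrated: bool = True  # integrated mode: local additions must be negative

    @classmethod
    def inherit(cls, enterprise_rules, integrated=True):
        # Inherit an instance (a copy) of the enterprise rules, so later
        # array adjustments never write back to the enterprise object.
        return cls(rules=list(enterprise_rules), integrated=integrated)

    def add_rule(self, rule):
        if self.integrated and rule.rule_type != DENY:
            raise PermissionError("integrated mode: array may only add negative rules")
        self.rules.append(rule)

    def is_allowed(self, resource, protocol):
        hits = [r for r in self.rules if r.matches(resource, protocol)]
        explicitly_allowed = any(r.rule_type == ALLOW for r in hits)
        explicitly_denied = any(r.rule_type == DENY for r in hits)
        # Allowed only if explicitly allowed AND not explicitly denied:
        # no matching rule means deny, and a negative rule beats any positive one.
        return explicitly_allowed and not explicitly_denied

# Constructed sample policy (names are illustrative, not from the filing).
ENTERPRISE = [
    Rule(ALLOW, resource="intranet.example", protocol="https"),
    Rule(ALLOW, resource="files.example", protocol="smb"),
    Rule(DENY, protocol="telnet"),
]

def demo():
    branch = ArrayPolicy.inherit(ENTERPRISE)
    before = branch.is_allowed("files.example", "smb")     # inherited allow
    branch.add_rule(Rule(DENY, resource="files.example"))  # array-level tightening
    after = branch.is_allowed("files.example", "smb")      # now explicitly denied
    return before, after, len(ENTERPRISE)                  # enterprise list unchanged
```

Because an array in integrated mode can only add negative rules to its inherited copy, its effective policy can never be more permissive than the enterprise-wide policy it started from.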



PAGE 11/15 1 RCVD AT 11/24/2004 12:46:46 PM [Eastern Standard Time] * SVR:USPTO-EFXRF-1/0 * DNIS:8729306 1 CSID:2062243557 * DURATION (mm-ss):M-00 



